Prosecution Insights
Last updated: April 19, 2026
Application No. 18/318,621

ACCESS MANAGEMENT SYSTEM WITH A MULTI-ENVIRONMENT POLICY

Non-Final OA §DP
Filed: May 16, 2023
Examiner: LE, CANH
Art Unit: 2439
Tech Center: 2400 — Computer Networks
Assignee: Microsoft Technology Licensing, LLC
OA Round: 1 (Non-Final)
Grant Probability: 74% (Favorable)
OA Rounds: 1-2
To Grant: 3y 11m
With Interview: 99%

Examiner Intelligence

Grants 74% — above average
Career Allow Rate: 74% (303 granted / 412 resolved; +15.5% vs TC avg)
Strong +74% interview lift
Interview Lift: +74.4% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 11m (29 currently pending)
Career history
Total Applications: 441 (across all art units)

Statute-Specific Performance

§101: 12.8% (-27.2% vs TC avg)
§103: 53.8% (+13.8% vs TC avg)
§102: 11.7% (-28.3% vs TC avg)
§112: 12.9% (-27.1% vs TC avg)
Based on career data from 412 resolved cases

Office Action

§DP
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

This Office Action is in response to the amendment filed on 05/16/2023. Claims 1, 8, and 15 are independent claims. Claims 1-20 have been examined and are pending. This application is a continuation of U.S. Patent Application No.: 16/458,173. This Action is made non-FINAL.

In an attempt to accelerate the process of prosecution, on December 30th, 2025, the Examiner contacted the applicant (Mr. George-Leonard N. Ngengwe, Reg. No.: 68,530) to discuss possible amendments to move the case forward. The applicant has not returned a phone call.

Information Disclosure Statement

The information disclosure statement (IDS), submitted on 02/20/2025, is being considered by the examiner.

Drawings

The drawings were received on 5/16/2023. These drawings are reviewed and accepted by the Examiner.

Examiner’s note

In light of the specification, paragraph [0072], the claimed computer readable storage does not include signal per se.

Claim Objections

Claim 20 is objected to because of the following informalities:

Regarding claim 20; claim 20 recites the limitations “a first value to approve or deny the approval-request; a second value to selectively reduce or expand the scope of the approval request; a third value to indicate a request additional for human intervention for identifying values for one or more approval-request parameters.” in lines 9-12 which are redundant limitations in lines 4-8. Appropriate correction is required. For the purpose of applying prior art, the Examiner ignores the redundant limitations from lines 9-12 of claim 20.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.
For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2 of U.S. Patent 11,700,278. Although the claim at issue is not identical, they are not patentably distinct from each other because all limitations recited in claim 1 of the instant application are anticipated by limitations recited in claims 1-2 of US 11,700,278 (See table below for details). Instant Application 18/318,621 U.S. Patent No.: 11,700,278 Claim1, An access management system, the system comprising: one or more processors; and one or more computer storage media storing computer-useable instructions that, when used by the one or more processors, cause the one or more processors to execute operations comprising: receiving, via an access management interface, policy values of policy parameters of a multi-environment policy, wherein the policy parameters are based on rules of the multi-environment policy that are configured based on a plurality of access vectors; wherein the access management interface operates with an access control manager comprising programmed instructions that define integrated access provisioning operations that combine provisioning of access to provider-controlled computing environments and customer-controlled computing environments; wherein the integrated access provisioning operations are based on subscription classifications that identify controlling subscribers of computing environments; wherein a computing environment is associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values; communicating the policy values to cause generation of the multi-environment policy, 
wherein the multi-environment policy is implemented based on submitted request values of requests for access to the computing environments; receiving a request for access to the computing environment based on request parameters, wherein the request parameters are based on the rules associated with the multi-environment policy, wherein the access management interface includes graphical user interface elements associated with the plurality of access vectors; communicating the request to the access control manager; receiving, at the access control manager, request values of the request associated with the computing environment; based on the request values, determining whether the request is for a provider-controlled computing environment associated with provider parameters of the plurality of access vectors or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors; based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment; receiving the approval-request response values for the approval-request; communicating a request response indicating approval or denial of the request; receiving, via the access management interface, the request response comprising one or more approval-request response values, wherein the request response indicates approval or denial of access to the provider-controlled computing environment or the customer-controlled computing environment.
Claim 1, An access management system for providing access to computing environments based on a multi-environment policy, the system comprising: one or more processors; and one or more computer storage media storing computer-useable instructions that, when used by the one or more processors, cause the one or more processors to execute: an access control manager configured for: receiving request values of a request associated with a computing environment, wherein the access control manager comprises programmed instructions that define integrated access provisioning operations for combined provisioning of access to provider-controlled computing environments and customer-controlled computing environment; wherein the integrated access provisioning operations are based on a subscription classification that identifies a controlling subscriber of an identified computing environment; wherein the computing environment is associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values; wherein the functional categories are associated with corresponding access provisioning operations that are defined and performed for different subscriptions to provide isolated access approval in a distributed computing environment; wherein the enumerated values comprise different sets of support administrator operations that correspond to the plurality of access vectors; wherein the multi-environment policy is a single policy configurable to define rules based on the plurality of access vectors for approving access to both provider-controlled computing environments and customer-controlled computing environments, wherein the rules are associated with both provider parameters and customer parameters for accessing selected computing environments; based on the 
request values, determining whether the request is for a provider-controlled computing environment associated with the provider parameters of the plurality of access vectors or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors, wherein the request values correspond to policy parameters of the multi-environment policy; based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment, wherein the approval-request parameters are defined based on the plurality of access vectors; receiving the approval-request response values for the approval-request; and based on receiving the approval-request response values, communicating a request response indicating approval or denial of the request. Claim 2, The system of claim 1, further comprising an access management interface configured for: receiving policy values of the policy parameters of the multi-environment policy, wherein the policy parameters are based on the rules that are configured based on the plurality of access vectors; communicating the policy values to cause generation of the multi-environment policy, wherein the multi-environment policy is implemented based on submitted request values of requests for access to computing environments; receiving the request for access to the computing environment based on request parameters, wherein the request parameters are based on the rules associated with the multi-environment policy, wherein the access management interface includes graphical user interface elements associated with the plurality of access vectors; communicating the request to the access control manager; and receiving the request response comprising one or more approval-request response values, wherein the 
request response indicates approval or denial of access to the provider-controlled computing environment or the customer-controlled computing environment.

Claims 2-7 are also rejected on the ground of nonstatutory double patenting as being unpatentable over claims 2-7 of U.S. Patent 11,700,278, respectively. Although the claim at issue is not identical, they are not patentably distinct from each other because all limitations recited in claims 2-7 of the instant application are anticipated by limitations recited in claims 2-7 of U.S. Patent 11,700,278, respectively.

Claim 8 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 8-9 of U.S. Patent 11,700,278. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claim 8 of the instant application are anticipated by limitations recited in claims 8-9 of U.S. 11,700,278 (see table below).

Instant Application 18/318,621 U.S. Patent No.: 11,700,278

Claim 8, One or more computer storage media having computer-executable instructions embodied thereon that, when executed, by one or more processors, cause the one or more processors to perform a method, the method comprising: receiving, via an access management interface, policy values of policy parameters of a multi-environment policy, wherein the policy parameters are based on rules of the multi-environment policy that are configured based on a plurality of access vectors; wherein the access management interface operates with an access control manager comprising programmed instructions that define integrated access provisioning operations that combine provisioning of access to provider-controlled computing environments and customer-controlled computing environments; wherein the integrated access provisioning operations are based on subscription classifications that identify controlling subscribers of computing environments; wherein a computing environment is
associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values; communicating the policy values to cause generation of the multi-environment policy, wherein the multi-environment policy is implemented based on submitted request values of requests for access to the computing environments; receiving a request for access to the computing environment based on request parameters, wherein the request parameters are based on the rules associated with the multi-environment policy, wherein the access management interface includes graphical user interface elements associated with the plurality of access vectors; communicating the request to the access control manager; receiving the request response comprising one or more approval-request response values, wherein the request response indicates approval or denial of access to the provider-controlled computing environment or the customer-controlled computing environment.
Claim 8, One or more computer storage media having computer-executable instructions embodied thereon that, when executed, by one or more processors, cause the one or more processors to perform a method for providing access to computing environments based on a multi-environment policy, the method comprising: receiving request values of a request associated with a computing environment, wherein the access control manager comprises programmed instructions that define integrated access provisioning operations for combined provisioning of access to provider-controlled computing environments and customer-controlled computing environment; wherein the integrated access provisioning operations are based on a subscription classification that identifies a controlling subscriber of an identified computing environment; wherein the computing environment is associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values; wherein the functional categories are associated with corresponding access provisioning operations that are defined and performed for different subscriptions to provide isolated access approval in a distributed computing environment; wherein the enumerated values comprise different sets of support administrator operations that correspond to the plurality of access vectors; wherein the multi-environment policy is a single policy configurable to define rules based on the plurality of access vectors for approving access to both provider-controlled computing environments and customer-controlled computing environments, wherein the rules are associated with both provider parameters and customer parameters for accessing selected computing environments; based on the request values, determining whether the request is for a 
provider-controlled computing environment associated with the provider parameters of the plurality of access vectors or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors, wherein the request values correspond to policy parameters of the multi-environment policy; based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment, wherein the approval-request parameters are defined based on the plurality of access vectors; receiving the approval-request response values for the approval-request; and based on receiving the approval-request response values, communicating a request response indicating approval or denial of the request. Claim 9. The media of claim 8, the method further comprising: receiving policy values of the policy parameters of the multi-environment policy, wherein the policy parameters are based on the rules that are configured based on the plurality of access vectors; communicating the policy values to cause generation of the multi-environment policy, wherein the multi-environment policy is implemented based on submitted request values of requests for access to computing environments; receiving the request for access to the computing environment based on request parameters, wherein the request parameters are based on the rules associated with the multi-environment policy, wherein the access management interface includes graphical user interface elements associated with the plurality of access vectors; communicating the request to the access control manager; and receiving the request response comprising one or more approval-request response values, wherein the request response indicates approval or denial of access to the provider-controlled computing 
environment or the customer-controlled computing environment. Claims 9-14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 10-14 of U.S. Patent 11,700,278. Although the claim at issue is not identical, they are not patentably distinct from each other because all limitations recited in claims 9-14 of the instant application are anticipated by limitations recited in claims 10-14 of the US Patent 11,700,278. Claim 15 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 15 of U.S. Patent 11,700,278. Although the claim at issue is not identical, they are not patentably distinct from each other because all limitations recited in claim 15 of the instant application are anticipated by limitations recited in claim 15 of U.S. Patent 11,700,278 (See table below). Instant Application 18/318,621 U.S. Patent No.: 11,700,278 Claim 15, A computer-implemented method for providing access to computing environments based on a multi-environment policy, the method comprising: receiving, at an access control manager, request values of a request associated with a computing environment, wherein the access control manager comprises programmed instructions that define integrated access provisioning operations that combine provisioning of access to provider-controlled computing environments and customer-controlled computing environments; wherein the integrated access provisioning operations are based on a subscription classification that identifies a controlling subscriber of an identified computing environment; wherein the computing environment is associated with a plurality of access vectors and a multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary constructed based on enumerated values; based on the request values, determining whether the request is 
for a provider-controlled computing environment or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors; based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment; receiving the approval-request response values for the approval-request; and communicating a request response indicating approval or denial of the request Claim 15, A computer-implemented method for providing access to computing environments based on a multi-environment policy, the method comprising: receiving request values of a request associated with a computing environment, wherein the access control manager comprises programmed instructions that define integrated access provisioning operations for combined provisioning of access to provider-controlled computing environments and customer-controlled computing environment; wherein the integrated access provisioning operations are based on a subscription classification that identifies a controlling subscriber of an identified computing environment; wherein the computing environment is associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values; wherein the functional categories are associated with corresponding access provisioning operations that are defined and performed for different subscriptions to provide isolated access approval in a distributed computing environment; wherein the enumerated values comprise different sets of support administrator operations that correspond to the plurality of access vectors; 
wherein the multi-environment policy is a single policy configurable to define rules based on the plurality of access vectors for approving access to both provider-controlled computing environments and customer-controlled computing environments, wherein the rules are associated with both provider parameters and customer parameters for accessing selected computing environments; based on the request values, determining whether the request is for a provider-controlled computing environment associated with the provider parameters of the plurality of access vectors or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors, wherein the request values correspond to policy parameters of the multi-environment policy; based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment, wherein the approval-request parameters are defined based on the plurality of access vectors; receiving the approval-request response values for the approval-request; and based on receiving the approval-request response values, communicating a request response indicating approval or denial of the request. Claims 16-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 15-20 of U.S. Patent 11,700,278. Although the claim at issue is not identical, they are not patentably distinct from each other because all limitations recited in claims 16-20 of the instant application are anticipated by limitations recited in claims 16-20 of U.S. Patent 11,700,278. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380. 
The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached at telephone number 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated-interview-request-air-form.

/Canh Le/
Examiner, Art Unit 2439
January 22nd 2026

/LUU T PHAM/
Supervisory Patent Examiner, Art Unit 2439

Prosecution Timeline

May 16, 2023: Application Filed
Jan 22, 2026: Non-Final Rejection — §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598193
FINE GRANULARITY CONTROL OF DATA ACCESS AND USAGE ACROSS MULTI-TENANT SYSTEMS
2y 5m to grant Granted Apr 07, 2026
Patent 12530476
METHOD AND DEVICE FOR UPDATING PERSONAL INFORMATION
2y 5m to grant Granted Jan 20, 2026
Patent 12531869
System and method to reduce interruptions in a network
2y 5m to grant Granted Jan 20, 2026
Patent 12526164
EDGE BLOCKCHAIN AUTHENTICATION
2y 5m to grant Granted Jan 13, 2026
Patent 12519796
VOTING AS LAST RESORT ACCESS RECOVERY FOR ACCESS MANAGEMENT
2y 5m to grant Granted Jan 06, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 74%
With Interview (+74.4%): 99%
Median Time to Grant: 3y 11m
PTA Risk: Low
Based on 412 resolved cases by this examiner. Grant probability derived from career allow rate.
