Prosecution Insights
Last updated: July 17, 2026
Application No. 18/542,241

WELLNESS DETECTION AND RESPONSE FOR SMALL BUSINESSES

Non-Final OA §103
Filed
Dec 15, 2023
Priority
Sep 29, 2022 — IN 202241055967 +1 more
Examiner
LIN, SHERMAN L
Art Unit
2447
Tech Center
2400 — Computer Networks
Assignee
McAfee LLC
OA Round
5 (Non-Final)
29%
Grant Probability
At Risk
5-6
OA Rounds
2y 5m
Est. Remaining
66%
With Interview

Examiner Intelligence

Grants only 29% of cases
29%
Career Allowance Rate
75 granted / 258 resolved
-28.9% vs TC avg
Strong +37% interview lift
Without
With
+36.6%
Interview Lift
resolved cases with interview
Typical timeline
5y 0m
Avg Prosecution
26 currently pending
Career history
300
Total Applications
across all art units

Statute-Specific Performance

§101
0.2%
-39.8% vs TC avg
§103
97.8%
+57.8% vs TC avg
§102
1.4%
-38.6% vs TC avg
§112
0.3%
-39.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 258 resolved cases

Office Action

§103
DETAILED ACTION In a communication received on 6 April 2026, the applicants amended claims 63, 77, and 80. Claims 63-80 and 82-83 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments with respect to claim(s) 63, 77, and 80 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 63-67, 72, 73, 77, 80, 82, 83 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. (US 2021/0392146 A1) in view of Pilkington et al. (US 2019/0044969 A1) and Jacobsen et al. (US 2017/0353500 A1), and further in view of Singh et al. (US 2014/0279641 A1). With respect to claim 63, Lin discloses: a computer-implemented method of providing security services for an enterprise (i.e., utilizing a combination of models to perform user and entity behavior analysis in Lin, ¶0004), comprising: computing, for the enterprise, a quantitative user-centric security posture (i.e., risk scores for users, groups, companies to identify users or situations in Lin, ¶0021), wherein computing the quantitative user-centric security posture comprises calculating, for a plurality of enterprise users, respective quantitative user risk profiles (i.e., scoring a user and behavior based on grouping, behavior, and an orchestration model to result in a security action based on the score in Lin, ¶0088). Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: calculating the quantitative user-centric security posture based on an aggregate of the respective quantitative user risk profiles (i.e., defines populations of individual entities, calculates the individual risk scores of entities and normalizes them to achieve a sensitivity for fewer by higher risk entities corresponding to an aggregate statistic of risk; "The aggregate risk score represents a security risk the particular selected population presents to the organization (420)." in Pilkington, ¶0061), and recommending actionable remediation measures for the displayed devices and user. (i.e., advising an administrator over a communication medium of a risk threshold being exceeded, various remedial actions such as monitoring via deploying software depending on severity are suggested; system disabling accounts or devices; although computer assisted or automated, it suggests that these actions can correspond to notifications via an administrator to perform them in Pilkington, ¶0015, ¶0018, ¶0056). Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise. Lin discloses quantifies the risk of the user based on the user's function producing an insight, risk score, actionable item (¶0068). Lin and Pilkington do(es) not explicitly disclose the following. Jacobsen, in order to ensure compliance of mobile devices managed by the enterprise policies by admins can recommend remediation to users and/or automate remediation (¶0086), discloses: displaying a graphical dashboard that includes a display of all devices and users of the enterprise that currently require remedial attention (dashboard report including a custom report listing of devices with corresponding device user without disk encryption, passcodes, rooted, jail broken, or wiped; devices selectable from a list by admin in Jacobsen, ¶0061, ¶0136, ¶0139). Based on Lin in view of Pilkington, and further in view of Jacobsen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Jacobsen to improve upon those of Lin in order to ensure compliance of mobile devices managed by the enterprise policies by admins can recommend remediation to users and/or automate remediation. Lin discloses quantifies the risk of the user based on the user's function producing an insight, risk score, actionable item (¶0068). Lin, Pilkington, and Jacobsen do(es) not explicitly disclose the following. Singh, in order to improve enterprise security by tracking and calculating risk of assets and entities (abstract), discloses: according to a weighted sum of numeric representations (i.e., configurable numeric risk points/scores are assigned to contributing factors/rules and summed to calculate the entity/user risk score in Singh, ¶0074; ¶0199; ¶0210), including, for a user, a user role score to represent the user's role in the enterprise (i.e., role is an explicit risk parameter/contributing factor, with user roles assigned risk/sensitivity levels and corresponding score points. in Singh, ¶0081; ¶0154), a user role sensitivity score to represent sensitivity of the user's role in the enterprise (i.e., risk/sensitivity levels with roles and sensitive systems/entitlements as a numeric role-sensitivity score in Singh, ¶0081; ¶0087), a user privilege score to represent the user's privilege level in the enterprise (i.e., user access, entitlements, and security permissions are scored with corresponding points, representing the user's privilege/access level. in Singh, ¶0052; ¶0080; ¶0081), a user behavior score to quantify a user behavior profile (i.e., behavior/usage/anomaly data are captured and contribute numeric points to an identity risk score in Singh, ¶0035; ¶0046; ¶0088;¶0110), and a digital assets score to represent digital assets assigned to the user and owned by the enterprise (i.e., asset/system-level resources, sensitive digital systems, and entitlements are scored as risk factors associated with the user in Singh, ¶0003; ¶0081; ¶0087). Based on Lin in view of Pilkington and Jacobsen, and further in view of Singh, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Singh to improve upon those of Lin in order to improve enterprise security by tracking and calculating risk of assets and entities. With respect to claim 64, Lin discloses: the computer-implemented method of claim 63, wherein the enterprise is a small or medium-sized business, family, church, religious organization, club, or educational institution (i.e., an enterprise that can utilize a scalable cloud-based security solution; the enterprise relying on more cloud-based services due to a mobile workforce with less emphasis on perimeter defense deployments in Lin, ¶0026-0027). With respect to claim 65, Lin discloses: the computer-implemented method of claim 64, wherein the user is an employee, agent, or member of the enterprise (i.e., employees, contractors, partners of the enterprise in Lin, ¶0026-0027). With respect to claim 66, Lin discloses: the computer-implemented method of claim 63, wherein digital assets further include assets owned by the user and used for enterprise operations (i.e., laptops, desktops in employee's homes with a user-centric policy tied to the user instead of the device to perform security functions in Lin, ¶0027, ¶0028). With respect to claim 67, Lin discloses: the computer-implemented method of claim 63, wherein digital assets are selected from the group consisting of electronic devices, applications, identities, shared sensitive information, online accounts, and online services (i.e., geographically dispersed devices and users; monitoring access to sensitive data in Lin, ¶0027, ¶0081). With respect to claim 72, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: the computer-implemented method of claim 63, wherein a quantitative user risk profile for a user numerically represents a combined security state of digital assets assigned to the user (i.e., aggregating risk scores off an arbitrary number of users and devices to determine a risk score in aggregate of a population of devices in Pilkington, ¶0046, ¶0047). Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise. With respect to claim 73, Lin discloses: the computer-implemented method of claim 63, further comprising defining a user-specific digital protection policy for a user based on a quantitative user risk profile (i.e., risk scores indicate compromised users or unintended privileged access; policies are user centric and not tied to devices; output a quantifiable risk of the user and output insights, scores, and actionable items to mitigate the risk in Lin, ¶0021, ¶0028, ¶0068). With respect to claim 77, the limitation(s) of claim 77 are similar to those of claim(s) 63. Therefore, claim 77 is rejected with the same reasoning as claim(s) 63. With respect to claim 80, the limitation(s) of claim 80 are similar to those of claim(s) 63. Therefore, claim 80 is rejected with the same reasoning as claim(s) 63. With respect to claim 82, the limitation(s) of claim 82 are similar to those of claim(s) 67. Therefore, claim 82 is rejected with the same reasoning as claim(s) 67. With respect to claim 83, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: the method of claim 63, further comprising sending, to a device selected for a remediation, a remediation payload comprising instructions for a remediation agent of the device to effect the remediation (in response to determining a risk score exceeding a threshold, "Software may, additionally or alternatively, be deployed to the accounts or computing devices to monitor actions or behaviors on the computing devices or associated accounts, depending on the determined risk severity" in Pilkington, ¶0018, ¶0056). Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise. Claim(s) 68-71 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. (US 2021/0392146 A1) in view of Pilkington et al. (US 2019/0044969 A1), Jacobsen et al. (US 2017/0353500 A1) and Singh et al. (US 2014/0279641 A1), and further in view of Kuppa et al. (US 2022/0286474 A1). With respect to claim 68, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Kuppa, in order to improve prioritization of remediating issues identified in quantified security assessments (¶0002), discloses: the computer-implemented method of claim 63, wherein computing a user risk profile comprises computing a sum of weighted scores for a plurality of risk categories (i.e., assets with different security controls configured, an overall causal effect of each security control can be determined; computing a weighted average as a summation of weighted scores based on the plurality of individuals and assets in Kuppa, ¶0049, ¶0067). Based on Lin in view of Pilkington, Jacobsen and Singh, and further in view of Kuppa, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kuppa to improve upon those of Lin in order to improve prioritization of remediating issues identified in quantified security assessments. With respect to claim 69, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Kuppa, in order to improve prioritization of remediating issues identified in quantified security assessments (¶0002), discloses: the computer-implemented method of claim 68, wherein the weighted scores are uniformly values between 0 and 1 (i.e., respective weighting for different contributions sum up to 1.0 and are less than 1.0 in Kuppa, ¶0064). Based on Lin in view of Pilkington, Jacobsen and Singh, and further in view of Kuppa, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kuppa to improve upon those of Lin in order to improve prioritization of remediating issues identified in quantified security assessments. With respect to claim 70, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Kuppa, in order to improve prioritization of remediating issues identified in quantified security assessments (¶0002), discloses: the computer-implemented method of claim 68, wherein the sum of weighted scores total substantially 1.0 (i.e., stakeholders can assign weightings to particular parameters of a risk trade off score, the weights corresponding to prevention, detection, and response sum up to a weight of 1 in Kuppa, ¶0064). Based on Lin in view of Pilkington, Jacobsen and Singh, and further in view of Kuppa, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kuppa to improve upon those of Lin in order to improve prioritization of remediating issues identified in quantified security assessments. With respect to claim 71, Lin discloses: the computer-implemented method of claim 68, wherein the risk categories comprise security (i.e., security risk determination, determining infection risk based on URL behavior analysis in Lin, ¶0071, ¶0076), privacy (i.e., to prevent data theft, scoring based on data leakage or trade secret theft based on employee access privileges and behavior compared to peers of similar job function in Lin, ¶0079, ¶0081, ¶0084), and identity (i.e., identify highly privileged users based on collaboration pattern and other insiders to derive risk and alert severity of monitored behavior in Lin, ¶0079). Claim(s) 74-76, 78, and 79 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. (US 2021/0392146 A1) in view of Pilkington et al. (US 2019/0044969 A1), Jacobsen et al. (US 2017/0353500 A1), and Singh et al. (US 2014/0279641 A1), and further in view of Gorlamandala (US 2020/0356676 A1). With respect to claim 74, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Gorlamandala, in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems (¶0017), discloses: the computer-implemented method of claim 73, further comprising presenting to a human security operator an actional graphical display comprising a set of prioritized protection actions to enforce the specific digital protection policy (i.e., provide a report to a user via display of an email or text message or document on the user device; an entity or event may be classified into different risk levels; recommendations can be prioritized based on the severity of the risks in Gorlamandala, ¶0017, ¶0057). Based on Lin in view of Pilkington, Jacobsen, and Singh, and further in view of Gorlamandala, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Gorlamandala to improve upon those of Lin in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems. With respect to claim 75, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Gorlamandala, in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems (¶0017), discloses: the computer-implemented method of claim 63, further comprising providing a weekly report to show remedial actions for one or more users, groups, or subgroups to take to remediate one or more problematic digital protection states (i.e., users may subscribe to receive the reports periodically, the reports may be sent to an individual or group of people; the report contains remediation actions for the corresponding risk scores events/assets in Gorlamandala, ¶0017, ¶0057). Based on Lin in view of Pilkington, Jacobsen, and Singh, and further in view of Gorlamandala, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Gorlamandala to improve upon those of Lin in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems. With respect to claim 76, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: the computer-implemented method of claim 75, wherein the weekly report further provides digital protection score trends and remedial action trends (i.e., visualize trends in risk scores and reductions in risk after security measures are rolled out in Pilkington, ¶0047). Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise. With respect to claim 78, the limitation(s) of claim 78 are similar to those of claim(s) 75. Therefore, claim 78 is rejected with the same reasoning as claim(s) 75. With respect to claim 79, the limitation(s) of claim 79 are similar to those of claim(s) 76. Therefore, claim 79 is rejected with the same reasoning as claim(s) 76. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Sherman Lin 6/27/2026 /S. L./Examiner, Art Unit 2447 /JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447
Read full office action

Prosecution Timeline

Show 12 earlier events
Oct 20, 2025
Applicant Interview (Telephonic)
Oct 20, 2025
Examiner Interview Summary
Oct 22, 2025
Response Filed
Feb 06, 2026
Final Rejection mailed — §103
Apr 06, 2026
Response after Non-Final Action
May 06, 2026
Request for Continued Examination
May 14, 2026
Response after Non-Final Action
Jul 02, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639474
RESTRICTED ENVIRONMENTS FOR MESSAGE GENERATION IN NETWORKED ENVIRONMENTS
5y 8m to grant Granted May 26, 2026
Patent 12494926
QUIC TRANSPORT PROTOCOL-BASED COMMUNICATION METHOD AND SYSTEM
3y 8m to grant Granted Dec 09, 2025
Patent 12445523
DISCOVERY AND CONFIGURATION OF IOT DEVICES
5y 7m to grant Granted Oct 14, 2025
Patent 12267257
VIRTUAL MACHINE MIGRATION IN CLOUD INFRASTRUCTURE NETWORKS
5y 2m to grant Granted Apr 01, 2025
Patent 12206751
METHODS AND SYSTEMS FOR CONTENT DISTRIBUTION
4y 10m to grant Granted Jan 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
29%
Grant Probability
66%
With Interview (+36.6%)
5y 0m (~2y 5m remaining)
Median Time to Grant
High
PTA Risk
Based on 258 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month