DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/11/2021 has been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Brian S. Boon on 03/26/2021.

This listing of claims will replace all prior versions and listings of claims in the application:
IN THE CLAIMS:
1. (Currently amended) A system for detecting and mitigating forged authentication object attacks, comprising: 
an authentication object inspector comprising a first plurality of programming instructions stored in a memory of, and operating on a processor of, a computing device, wherein the first plurality of programmable instructions, when operating on the processor, cause the computing device to: 
receive a plurality of first authentication objects known to be generated by an identity provider associated with a federated service;
calculate a cryptographic hash of each first authentication object using a hashing engine;
store the cryptographic hashes of the first authentication objects in a database of hashes for the identity provider;
receive a request for access to the federated service accompanied by a second authentication object;
calculate a cryptographic hash of the second authentication object using the hashing engine;
determine whether the second authentication object is forged by comparing the hash of the second authentication object with the hashes of the first authentication objects stored in the database of hashes to determine whether the hash of the second authentication object already exists in the database; and
where the hash of the second authentication object does not exist in the database, generate a notification that the second authentication object may be forged; and
a hashing engine comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programmable instructions, when operating on the processor, cause the computing device to: 
receive authentication objects from the authentication object inspector; 
calculate a cryptographic hash for each authentication object received by performing at least a plurality of calculations and transformations on each
return the cryptographic hash of each authentication object received to the authentication object inspector [[.]]; and
a rules engine comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the third plurality of programmable instructions, when operating on the processor, cause the computing device to: 
 retrieve a plurality of predefined event-condition-action rules from a data store upon detection of a forged authentication object; and 
execute commands as dictated in each predefined event-condition-action rule;
wherein the plurality of event-condition-action rules are nested to create a series of circuit breaker checks to mitigate unauthorized access through the use of the forged authentication object. 

2-3. (Canceled)

4. (Original) The system of claim 1, wherein, upon detection of an invalid authentication object, an administrative user is notified, and provided with access data associated with the invalid authentication object. 
 
5. (Previously presented) The system of claim 4, wherein at least a portion of the access data comprises resources accessed by the owner of the invalid authentication object. 

6. (Previously presented) The system of claim 4, wherein at least a portion of the access data comprises blast radius data associated with the owner of the invalid authentication object. 

7. (Canceled)

8. (Currently amended) A method for detecting and mitigating forged authentication object attacks, comprising the steps of: 
receiving a plurality of first authentication objects known to be generated by an identity provider associated with a federated service;
calculating a cryptographic hash of each first authentication object using a hashing engine;
storing the cryptographic hashes of the first authentication objects in a database of hashes for the identity provider;
receiving a request for access to the federated service accompanied by a second authentication object;
calculating a cryptographic hash of the second authentication object using the hashing engine;
determining whether the second authentication object is forged by comparing the hash of the second authentication object with the hashes of the first authentication objects stored in the database of hashes to determine whether the hash of the second authentication object already exists in the database; 
where the hash of the second authentication object does not exist in the database, generating a notification that the second authentication object may be forged [[.]];
retrieving a plurality of predefined event-condition-action rules from a data store upon detection of a forged authentication object;
executing commands as dictated in each predefined event-condition-action rule;
wherein the plurality of event-condition-action rules are nested to create a series of circuit breaker checks to mitigate unauthorized access through the use of the forged authentication object. 

9-10. (Canceled)

11. (Original) The method of claim 8, wherein, upon detection of an invalid authentication object, an administrative user is notified, and provided with access data associated with the invalid authentication object. 

12. (Original) The method of claim 11, wherein at least a portion of the access data comprises resources accessed by the owner of the invalid authentication object. 

13. (Original) The method of claim 11, wherein at least a portion of the access data comprises blast radius data associated with the owner of the invalid authentication object.
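The detection and mitigation flow recited in independent claims 1 and 8, together with the administrator access data of claims 4-6 and 11-13, as an added worked example. This is the editor's illustration, not the applicant's code and not part of the office action. It assumes SHA-256 as the hashing engine, SAML-style assertions as the authentication objects, a hypothetical identity provider URL, a constructed access log for the federated service, and models the "nested" event-condition-action rules as a chain in which each rule is a circuit breaker that stops the chain when its check fails.

```python
"""Illustrative example (editor's own, not the applicant's implementation):
hash allow-list of IdP-issued authentication objects plus a nested ECA rules
engine, following the structure of claims 1 and 8."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Callable

IDP = "https://idp.example"  # hypothetical identity provider

# Constructed sample objects. In a deployment these are the exact bytes the
# IdP emitted; the IdP and the inspector must hash the same canonical form.
ISSUED_BY_IDP = [
    b'<Assertion ID="_a1" Subject="alice" NotOnOrAfter="2021-03-26T12:00:00Z"/>',
    b'<Assertion ID="_a2" Subject="bob" NotOnOrAfter="2021-03-26T12:05:00Z"/>',
]
# Forged ("golden") object: well-formed and, to the service provider, validly
# signed with a stolen key, but never issued by the IdP, so never registered.
FORGED = b'<Assertion ID="_a9" Subject="admin" NotOnOrAfter="2031-01-01T00:00:00Z"/>'

# Constructed access log of the federated service: (object bytes, resource).
ACCESS_LOG = [
    (ISSUED_BY_IDP[0], "/mail/inbox"),
    (FORGED, "/admin/users"),
    (FORGED, "/admin/keys"),
]


class HashingEngine:
    """Canonicalise, then hash. Canonicalisation (whitespace, encoding, XML
    c14n) is where real deployments diverge; a mismatch flags valid tokens."""

    @staticmethod
    def digest(auth_object: bytes) -> str:
        canonical = b" ".join(auth_object.split())  # collapse whitespace runs
        return hashlib.sha256(canonical).hexdigest()


class AuthenticationObjectInspector:
    def __init__(self, engine: HashingEngine):
        self.engine = engine
        self.hashes: dict[str, set[str]] = {}  # issuer -> known hashes

    def register_issued(self, issuer: str, objects) -> int:
        """Store hashes of objects known to be generated by the IdP."""
        bucket = self.hashes.setdefault(issuer, set())
        bucket.update(self.engine.digest(o) for o in objects)
        return len(bucket)

    def inspect(self, issuer: str, auth_object: bytes) -> dict:
        """Flag an object whose hash was never registered for this issuer."""
        h = self.engine.digest(auth_object)
        forged = h not in self.hashes.get(issuer, set())
        note = f"object {h[:12]} not issued by {issuer}; may be forged" if forged else None
        return {"issuer": issuer, "hash": h, "forged": forged, "notification": note}


def access_data(auth_object: bytes, engine: HashingEngine, log=ACCESS_LOG) -> dict:
    """Access data for the administrator (claims 4-6): resources reached with
    the object and a crude blast radius (count of distinct resources)."""
    h = engine.digest(auth_object)
    resources = [r for obj, r in log if engine.digest(obj) == h]
    return {"resources": resources, "blast_radius": len(set(resources))}


@dataclass
class ECARule:
    name: str
    condition: Callable[[dict], bool]
    action: Callable[[dict], str]


class RulesEngine:
    """Rules are nested: rule i runs only if rules 0..i-1 fired, so each acts
    as a circuit breaker that stops the chain when its check fails."""

    def __init__(self, rules: list[ECARule]):
        self.rules = rules

    def run(self, event: dict) -> list[str]:
        executed = []
        for rule in self.rules:
            if not rule.condition(event):
                executed.append(f"{rule.name}: check failed, chain stopped")
                break
            executed.append(rule.action(event))
        return executed


RULES = [  # hypothetical predefined rules retrieved from the data store
    ECARule("forged", lambda e: e["forged"], lambda e: "notify admin: " + e["notification"]),
    ECARule("session", lambda e: e["forged"], lambda e: f"revoke sessions bound to {e['hash'][:12]}"),
    ECARule("privileged", lambda e: e["blast_radius"] > 1,
            lambda e: "disable privileged paths; force IdP re-authentication"),
]


def handle_request(inspector: AuthenticationObjectInspector, engine: HashingEngine,
                   auth_object: bytes) -> list[str]:
    """Inspect an access request's object and run the circuit-breaker chain."""
    event = inspector.inspect(IDP, auth_object)
    event.update(access_data(auth_object, engine))
    return RulesEngine(RULES).run(event)


if __name__ == "__main__":
    engine = HashingEngine()
    inspector = AuthenticationObjectInspector(engine)
    inspector.register_issued(IDP, ISSUED_BY_IDP)
    for obj in (ISSUED_BY_IDP[0], FORGED):
        print(handle_request(inspector, engine, obj))
```

Two caveats follow from the design rather than from the claims. A hash allow-list detects only objects the IdP never emitted; a replay of a legitimately issued object hashes identically and passes, so the check complements, rather than replaces, signature validation, assertion ID caching and expiry enforcement. And because the comparison is byte-exact, the IdP and the inspector must agree on a canonical representation before hashing, or every legitimate token re-serialised by an intermediary will be reported as forged.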

Allowable Subject Matter

Claims 1, 4-6, 8, and 11-13 are allowed.

This communication warrants no Examiner's Statement of Reasons for Allowance: applicant's reply makes the reasons for allowance evident, satisfying the "record as a whole" proviso of 37 CFR 1.104(e). Specifically, the substance of applicant's remarks filed 02/11/2021 is persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493