Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present Office Action is responsive to communication received 8/24/2020. Claims 1-20 are pending.

Priority
The present application claims domestic priority from multiple applications through CIP, dating back to 2015. However, an inspection of the parent CIP applications revealed that the subject matter in the independent claim is supported by parent application 15166158, filed on 5/26/2016. No other parent supports the subject matter. Therefore, the priority date for the present application is considered to be 5/26/2016.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/24/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Allowed Claims
Claims 1-20 are allowed.

Reason for Allowance

 The prior art of the record fails to teach all the limitations in the independent claims, which recite substantially:
A system for detection and mitigation of Kerberos authentication attacks, comprising:
a graph module comprising a first plurality of programming instructions stored in a memory of, and operating on a processor of, a computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to:
retrieve information about a plurality of steps regarding a Kerberos transaction, the information comprising authentication data regarding clients, services, and key distribution centers;
create a graph representing a period of Kerberos transactions, the graph comprising nodes representing the clients, services, and key distribution centers associated with a plurality of Kerberos transactions and edges representing a plurality of time-series identity information associated with each independent Kerberos transaction; and
identify cybersecurity attacks by detecting missing or anomalous data within the plurality of time-series identity information.
Gorelick et al 10515366 discloses a risk analysis server that is able to express users and transaction devices as nodes in a graph and the connections between them as edges in the graph. The risk analysis server may then match the topology of the graph in a neighborhood of the user initiating the transaction to a known topology that is linked to an indication of risk.
Gamage et al 20150249669 discloses receiving a user authentication request, verifying the user information, including the user and all other nodes and edges (relations) associated with the request in a graph, and excluding all nodes/edges that are private to the user.

Other relevant art:
Hart et al 20160330233 discloses detecting malicious activity in a network session associated with a Kerberos protocol ticket, and detection of golden and silver tickets.
Sarra 9807104 discloses malicious activities affecting Kerberos authentication, including the golden ticket attack.
Sancheti et al 20170244730 disclose attacks on the Kerberos protocol: pass the ticket attack, golden ticket attack 0059, pass the hash/credential theft attack 0062-
Plotnik et al 20160065565 discloses detecting forged authentication data during Kerberos.
Chasman et al 20200014659 discloses detecting Golden and Silver ticket Kerberos attack.
Srinivasan et al 20140380427 disclose generating a graph with specified authentication constraints; the trust level among functional entities and authentication scope of the users are inferred, and this information is used to infer validity of inter-connections between different functional entities as well as the operations that can be performed by nodes.
Betouin et al 20100115276 disclose generating a graph from multiple inputs, formalizing the graph, calculating paths between starting and ending nodes in the graph using a shortest path algorithm and performing a digest operation based on the derived paths to generate a deterministic binary value. In another aspect of this disclosure, authentication is performed utilizing deterministic binary values and a graph-merging function.
Agrawal et al 20100082493 disclose measuring trust in a transaction over a public key certificate network connecting nodes representing different public keys with a probability that the public keys are reliable.
John R. Johnson and Emilie A. Hogan, “A Graph Analytic Metric for Mitigating Advanced Persistent Threat”, ISI 2013, June 4-7, 2013, Seattle, Washington, USA, 129-133, disclose that a reachability graph is built between nodes in a network and rebuilt after each authorization request, i.e., the risk associated with granting the new authorization request is recalculated, the risk decreasing or increasing the vulnerability to attacks.

None of the prior art of the record discloses detecting cybersecurity incidents using a graph, as recited in the independent claims. Therefore, the claims are allowable.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/ Primary Examiner, Art Unit 2493, 6/4/2022