&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11818150.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,818,150 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and methods for detecting and mitigating golden SAML attacks against federated services</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Randy Clayton,  Frederick, MD (US);  Jason Crabtree,  Vienna, VA (US);  Luka Jurukovski,  Arlington, VA (US);  Richard Kelley,  Woodbridge, VA (US);  Angadbir Singh Salaria,  Herndon, VA (US);  Andrew Sellers,  Monument, CO (US); and  Farooq Israr Ahmed Shaikh,  Reston, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  QOMPLX LLC,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  QOMPLX, Inc.,  Tysons, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  27, 2022, as Appl. No. 17/975,548.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/975,548 is a continuation of application No. 17/163,073, filed on Jan.  29, 2021, granted, now 11,552,968.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/163,073 is a continuation in part of application No. 15/837,845, filed on Dec.  11, 2017, granted, now 11,005,824, issued on May   11, 2021.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/837,845 is a continuation in part of application No. 15/825,350, filed on Nov.  29, 2017, granted, now 10,594,714, issued on Mar.  17, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/825,350 is a continuation in part of application No. 15/725,274, filed on Oct.  4, 2017, granted, now 10,609,079, issued on Mar.  31, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul.  20, 2017, granted, now 10,735,456, issued on Aug.  4, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun.  7, 2017, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/616,427 is a continuation in part of application No. 15/237,625, filed on Aug.  15, 2016, granted, now 10,248,910, issued on Apr.  2, 2019.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul.  8, 2016, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun.  18, 2016, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May   26, 2016, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr.  28, 2016, granted, now 10,860,962, issued on Dec.  8, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr.  5, 2016, granted, now 10,204,147, issued on Feb.  12, 2019.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/091,563 is a continuation in part of application No. 14/986,536, filed on Dec.  31, 2015, granted, now 10,210,255, issued on Feb.  19, 2019.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 14/986,536 is a continuation in part of application No. 14/925,974, filed on Oct.  28, 2015, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct.  28, 2015, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/596,105, filed on Dec.  7, 2017.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0118726 A1, Apr.  20, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>H04L 9/06</b></i> (2006.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)&#xa0;[<i><b>H04L 63/0876</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/1466</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>12 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11818150-20231114-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system for detecting and mitigating golden Security Assertion Markup Language (SAML) attacks against federated services, comprising:<div class="claim_text">a computing device comprising a memory and a processor;</div>
                <div class="claim_text">an authentication object inspector comprising a first plurality of programming instructions stored in the memory which, when operating on the processor, causes the computing device to:<div class="claim_text">receive network traffic comprising a plurality of network packets, the plurality of network packets comprising a first authentication object for a user of a federated service, the first authentication object comprising a first identification string known to be generated by an identity provider associated with the federated service;</div>
                  <div class="claim_text">store a record of the first authentication object, with attached metadata comprising a timestamp of when the first authentication object was received, in a time-series database;</div>
                  <div class="claim_text">generate a security cookie for the first authentication object;</div>
                  <div class="claim_text">provide the security cookie to the identity provider from which the first authentication object was generated for inclusion in additional authentication objects issued to the user;</div>
                  <div class="claim_text">receive a request for access to the federated service by the user accompanied by a second authentication object comprising a second identification string and the security cookie;</div>
                  <div class="claim_text">compare a value of the second identification string of the second authentication object against a value of the second identification string of the stored record of the first authentication object;</div>
                </div>
                <div class="claim_text">check the second authentication object for the security cookie; and<div class="claim_text">generate an authentication failure if the security cookie is missing or invalid.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>