US 12,284,177 B2
Event-triggered reauthentication of at-risk and compromised systems and accounts
Jason Crabtree, Vienna, VA (US); and Andrew Sellers, Monument, CO (US)
Assigned to QOMPLX LLC, Reston, VA (US)
Filed by QOMPLX LLC, Reston, VA (US)
Filed on Dec. 31, 2021, as Appl. No. 17/567,069.
Application 17/567,069 is a continuation in part of application No. 16/856,827, filed on Apr. 23, 2020, granted, now 11,218,474.
Application 16/856,827 is a continuation of application No. 15/790,860, filed on Oct. 23, 2017, granted, now 10,742,647, issued on Aug. 11, 2020.
Application 15/790,860 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/790,860 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/141,752 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 15/141,752 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Claims priority of provisional application 62/574,708, filed on Oct. 19, 2017.
Prior Publication US 2022/0255926 A1, Aug. 11, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 43/04 (2022.01)
CPC H04L 63/0861 (2013.01) [H04L 43/04 (2013.01); H04L 63/083 (2013.01); H04L 63/0876 (2013.01); H04L 63/105 (2013.01); H04L 63/1433 (2013.01); H04L 63/1408 (2013.01); H04L 2463/082 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A system for event-triggered reauthentication, comprising:
a first computing system comprising a memory and a processor connected to a computer network
wherein the first computing system is configured to:
receive a plurality of system logs from a second computing system connected to the computer network;
generate a baseline usage profile of the second computing system based on the received system logs, wherein the baseline usage profile is updated based on receipt of the received system logs from the second computing system;
receive a request from the second computing system to authenticate access to a service;
in response to the received request to authenticate access to the service, determine, based on the baseline usage profile of the second computing system, whether to require additional verification from the second computing system;
retrieve a dataset of known exploit information from a plurality of databases;
identify a cybersecurity threat related to the second computing system by comparing the baseline usage profile and events within the system logs against the dataset of known exploit information; and
in response to identifying the cybersecurity threat, trigger a forced reauthentication to allow the second computing system to maintain continued access to the service.